07-16-2006 10:41 PM - edited 03-03-2019 04:04 AM
Hello,
I have almost 50 Cisco switches; they are accessible through their public IPs. Some ports of the switches are used for the local IPs, but some ports of the switches are used for the public IP clients. Local IP clients are working through VLANs, but public IP clients are not working in any VLAN; they are working under VLAN 1, and all switches are also managed through VLAN 1.
* Is it a good method, or should I configure a different VLAN for the public IP clients?
Thank You
07-16-2006 11:44 PM
What I suggest is to use separate VLANs for public, private and management traffic. It can prevent attacks from the public side on your equipment and limit the broadcast domain. However, VLAN routing and ACLs are required for the security issue.
07-16-2006 11:58 PM
The special thing about VLAN 1 is that it's the native VLAN (as long as you don't change that by configuring a different one as native).
The switches exchange a lot of management data on the native VLAN, e.g. VTP, STP, CDP etc.
Another thing is that the native VLAN is transmitted untagged on trunks, which can be a security risk. And ports that are not assigned to a VLAN operate in VLAN 1 by default.
That's why some people don't use VLAN 1 at all.
A good link regarding switch security: www.nsa.gov/snac/os/switch-guide-version1_01.pdf
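As an added illustration (not from any of the posters) of the layout the replies describe, here is a Catalyst IOS sketch that puts private clients, public-IP clients and management on separate VLANs, moves the trunk native VLAN off VLAN 1, and restricts who can reach the management address. VLAN numbers, interface names, the 10.99.0.0/24 admin subnet and the 3560-class platform are assumptions.

```ios
! Added example, not from the posters. VLAN numbers, interfaces and addresses are assumed.
! Separate VLANs for private clients, public-IP clients and management; VLAN 1 left unused.
vlan 10
 name PRIVATE-CLIENTS
vlan 20
 name PUBLIC-CLIENTS
vlan 99
 name MGMT
vlan 999
 name NATIVE-UNUSED
!
! Access ports: public-IP clients get their own VLAN instead of landing in VLAN 1
interface range GigabitEthernet0/1 - 8
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Trunk to the next switch: native VLAN is an unused VLAN, and VLAN 1 is not carried at all
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,99
!
! Management address lives on the dedicated VLAN; the VLAN 1 interface is shut down
interface Vlan1
 no ip address
 shutdown
interface Vlan99
 description management SVI (assumed address)
 ip address 10.99.0.11 255.255.255.0
!
! Only the admin subnet may open sessions to the switch, and only over SSH
ip access-list standard MGMT-HOSTS
 permit 10.99.0.0 0.0.0.255
 deny any log
line vty 0 15
 access-class MGMT-HOSTS in
 transport input ssh
```

Routing between VLAN 10, 20 and 99, and the ACLs that keep the public-client VLAN away from the private and management ones, sit on the router or Layer 3 switch that terminates these VLANs and are not shown here.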